Randy B wrote:
> No. I think you are thinking in the wrong direction if you want rules
> from one rulebase to magically expand into four rulebases. That's not
> something I've ever wanted, I'm unsure how you ended down that train
> of thought.
I think I started that [explicit] train of thought, simply because no
matter how your GUI presents it, rules will always end up
interface-based at some level - networks are just that way. A GUI is
just going to provide pretty indirection.
You provide no concrete reasoning for your speculations, and I think
that you're wrong.
I'm not going to deny that interface-based rulesets are complex - they
are intentionally so, because it's the only way to account for 100% of
all edge cases. If you want a GUI to hide that complexity for you and
be right 90% of the time, that's up to you.
You're saying that the world's largest firewall vendor only accounts
for 90% of their customers' security? I think you're wrong here, too
:-).
Even though I've ooohed and aaahed over the niceness of pfSense, I've
honestly been considering going back to a raw iptables firewall/router
I officially consider you slightly insane now, hehe.
Or at the least, you have way too much free time on your hands :-).